I came across a minor nit in the EVP_DecodeBlock() logic.
As I understand the RFC for base64 encoding, characters outside
of the specified character range (and whitespace characters in
particular) should be ignored.  Unfortunately, after stripping
off the leading and trailing whitespace, this routine just checks
that the number of bytes left is evenly divisible by 4.

This isn't an issue with the PEM wrappers, but a Netscape SPKAC
isn't a PEM type and it contains whitespace, so it breaks the
decoder.

Alternately, the following patch could be added to crypto/x509/x509spi.c


--- x509spki.c.orig     Fri Dec 14 12:06:55 2001
+++ x509spki.c  Fri Dec 14 12:12:44 2001
@@ -57,6 +57,7 @@
  */
 
 #include <stdio.h>
+#include <ctype.h>
 #include "cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/asn1_mac.h>
@@ -78,24 +79,36 @@
 
 NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len)
 {
-       unsigned char *spki_der, *p;
-       int spki_len;
+       unsigned char *spki_pem, *spki_der, *p;
+       int spki_len,i,newlen;
        NETSCAPE_SPKI *spki;
        if(len <= 0) len = strlen(str);
+       if (!(spki_pem = OPENSSL_malloc(len + 1))) {
+               X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE);
+               return NULL;
+       }
+       for(i = newlen = 0; i < len; i++) {
+               if (isalnum(str[i]) || str[i]=='+' || str[i]=='/' || str[i]=='=')
+                       spki_pem[newlen++] = str[i];
+       }
+       len = newlen;
        if (!(spki_der = OPENSSL_malloc(len + 1))) {
                X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE);
+               OPENSSL_free (spki_pem);
                return NULL;
        }
-       spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len);
+       spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)spki_pem, len);
        if(spki_len < 0) {
                X509err(X509_F_NETSCAPE_SPKI_B64_DECODE,
                                                X509_R_BASE64_DECODE_ERROR);
                OPENSSL_free(spki_der);
+               OPENSSL_free(spki_pem);
                return NULL;
        }
        p = spki_der;
        spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len);
        OPENSSL_free(spki_der);
+       OPENSSL_free(spki_pem);
        return spki;
 }
 
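Review bot: The filter in the new copy loop calls `isalnum(str[i])` on a plain `char`, which is undefined behaviour for any byte that is negative where `char` is signed, and an SPKAC string presumably comes from outside the process. Cast before classifying: `if (isalnum((unsigned char)str[i]) || str[i]=='+' || str[i]=='/' || str[i]=='=')`. The loop also discards every byte outside the base64 alphabet rather than only whitespace, so malformed input is silently normalised before `EVP_DecodeBlock` sees it; skipping only bytes where `isspace((unsigned char)str[i])` is true would keep the decoder's rejection of other characters. Separately, `len + 1` is computed in `int` from `strlen(str)` with no range check, and the patch now does this for both allocations.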